How to block http inbound connection by http header
-
Hi guys!
I need to block a DDoS attack like this one (Apache's access.log) by "python-request/2.28.2" match rules:
165.22.52.169 - - [01/Feb/2023:14:23:33 +0100] "GET /index.php HTTP/1.1" 200 192 "-" "python-requests/2.28.1"
Which of the two packages, HAProxy or SquidGuard, is right for me?
Thanks, Ale
-
@alexferro32 Are you using HA Proxy or SquidGuard as reverse proxies? Could also run Suricata and create your own custom rule.
Could create a rule to block just the source IP. You have multiple options available, but how you do it depends on your network setup and the resources available on the pfSense.
-
@michmoor exactly... To be honest, that is DO - in what scenario would they ever need to be inbound to you?
Block all of their ASNs
NetRange: 165.22.0.0 - 165.22.255.255
CIDR: 165.22.0.0/16
NetName: DIGITALOCEAN-165-22-0-0
pfblocker makes it easy to look up ASNs and put them into an alias and then block that completely from the services you don't want them to be able to talk to. DO, while it is a big cloud provider - why would you have need of inbound traffic from them? They are not known for being too particular about how they allow their services to be used.
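-
An added example, not part of the original thread: a script that reads Apache combined-format log lines like the one in the question, finds the sources that repeatedly send a given User-Agent, and prints them one per line for a firewall alias. The function names, the `min_hits` threshold and every sample line except the first are assumptions made for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
# Quoted fields may contain backslash-escaped quotes, so allow \" inside them.
Q = r'"((?:[^"\\]|\\.)*)"'
COMBINED = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] ' + Q + r' \d{3} \S+ ' + Q + ' ' + Q + '$')

def offenders(lines, agent_substring, min_hits=2):
    """Return {ip: hits} for sources whose User-Agent contains agent_substring
    (case-insensitive) at least min_hits times. Unparseable lines are skipped."""
    needle = agent_substring.lower()
    hits = Counter()
    for line in lines:
        m = COMBINED.match(line.strip())
        if not m or needle not in m.group(4).lower():
            continue
        try:
            hits[str(ip_address(m.group(1)))] += 1
        except ValueError:  # host field is a name, not an address
            continue
    return {ip: n for ip, n in hits.items() if n >= min_hits}

def alias_entries(found):
    """One address per line, numerically sorted, ready to paste into an alias."""
    return "\n".join(sorted(found, key=lambda ip: int(ip_address(ip))))

# First line is the one quoted in the thread; the rest are constructed samples.
SAMPLE = [
    '165.22.52.169 - - [01/Feb/2023:14:23:33 +0100] "GET /index.php HTTP/1.1" 200 192 "-" "python-requests/2.28.1"',
    '165.22.52.169 - - [01/Feb/2023:14:23:34 +0100] "GET /index.php HTTP/1.1" 200 192 "-" "python-requests/2.28.1"',
    '192.0.2.10 - - [01/Feb/2023:14:23:35 +0100] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [01/Feb/2023:14:23:36 +0100] "GET /index.php HTTP/1.1" 200 192 "-" "python-requests/2.28.1"',
    '203.0.113.5 - - [01/Feb/2023:14:23:37 +0100] "GET /index.php HTTP/1.1" 200 192 "-" "Python-Requests/2.28.1"',
    '203.0.113.5 - - [01/Feb/2023:14:23:38 +0100] "GET /a\\"b HTTP/1.1" 404 0 "-" "python-requests/2.28.1"',
    'truncated or malformed line',
]

if __name__ == "__main__":
    print(alias_entries(offenders(SAMPLE, "python-requests")))
```

The User-Agent is chosen by the client, so a list built this way only holds while the sender keeps that header; review it against fresh logs before relying on it.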